How to set up SSL/TLS certificates for a web server
Category: Networking
Why SSL/TLS Matters
SSL/TLS encrypts data between clients and servers, preventing eavesdropping, tampering, and man-in-the-middle attacks. Modern browsers mark non-HTTPS sites as insecure, making TLS essential.
Obtaining Certificates
Let's Encrypt provides free, automated certificates via the ACME protocol:
    certbot --nginx -d example.com -d www.example.com
For internal services or wildcard domains, you may purchase certificates from a commercial CA or run a private PKI.
Server Configuration
Configure your web server to enforce HTTPS and modern TLS versions:
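    server {
        # TLS listener with HTTP/2 enabled
        listen 443 ssl http2;

        # Certificate chain and private key written by certbot
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        # Accept only TLS 1.2 and 1.3; older protocol versions are refused
        ssl_protocols TLSv1.2 TLSv1.3;
    }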
Redirect HTTP to HTTPS and enable HSTS for additional security.
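The redirect and HSTS step written out as nginx configuration. This is an added example, not part of the original page; the server_name values, the IPv6 listeners and the one-year max-age are assumptions chosen for illustration.

```nginx
# Port 80 serves no content: every plain-HTTP request is sent to HTTPS.
server {
    listen 80;
    listen [::]:80;

    # Assumed hostnames, matching the certificate requested with certbot.
    # Listing them keeps this block from answering for other names when
    # another server block is the default for port 80.
    server_name example.com www.example.com;

    # 301 is a permanent redirect; $host and $request_uri preserve the
    # hostname, path and query string the client asked for.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # HSTS: a browser that has seen this header refuses plain HTTP to this
    # host for max-age seconds, so a stripped or missed redirect can no
    # longer downgrade the connection.
    #   - "always" also sends the header on error responses (4xx/5xx).
    #   - max-age=31536000 is one year (assumed value). Use a short value
    #     while testing, because browsers cache the policy.
    #   - Append "; includeSubDomains" only when every subdomain already
    #     serves HTTPS, otherwise those subdomains become unreachable.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # add_header is inherited from this level only by location blocks
    # that define no add_header of their own. A location that sets any
    # header must repeat the Strict-Transport-Security line.
    location / {
        root /var/www/html;   # assumed document root
    }
}
```

Check the syntax with nginx -t before reloading, then confirm that a request to port 80 returns a 301 and that the HTTPS response carries the Strict-Transport-Security header.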
For the protocol differences, read "What is the difference between HTTP and HTTPS". For the DNS setup required before certificate issuance, see "How to configure DNS records".